[Rhodes22-list] Does our website need SSL?

Mon Jul 20 13:09:55 EDT 2020

IMHO, I would prefer not to sell merchandise on the owner's site. I always thought the point was to avoid commercialization.Mikes/v Wind Lass ('91)
-------- Original message --------From: Tom Van Heule <tom.vanheule at intrinsicprograms.com> Date: 7/20/20  10:56 AM  (GMT-05:00) To: The Rhodes 22 Email List <rhodes22-list at rhodes22.org> Subject: Re: [Rhodes22-list] Does our website need SSL? I did setup a discord : https://discord.gg/MbpR9Q for discussing nuts andbolts of the website - it seems we are happy to discuss here.   (and I wontdelete the discord ever...)As some have said - we would like to have some protected areas of the siteand getting encrypted is table stakes for a new build today.I suggest we keep it as free and secure as possible, until we start sellingmerchandise :) Then we get Stan a new revenue stream.I agree with Michael here- the amount of data should be obfuscated from thepublic.    It sounds like there are several of us around who know whatbrute forcing means - and this could all be taken from us in a matter ofminutes... we don't want to put the 20+ years of info at risk like that(fear mongering , apologies).But that being said - I think I might call Stott for my remodel - the infois useful!Have a great Monday,TomOn Mon, Jul 20, 2020 at 9:39 AM Michael D. Weisner <mweisner at ebsmed.com>wrote:> Should we require SSL or TLS for the website is an interesting question.>> The website itself does not require login or passwords, at least at this> time. The only exception to this policy is access to the email list. The> mailman pages require that a user maintain a password which is used to> access the archives or change mail delivery options. As far as real> security on mailman, it must be noted that all of our posts are available> through google.com searches which means that there is no real privacy of> content. The same is probably true for the nabble site.>> Mike> s/v Wind Lass ('91)> Nissequogue River, NY>>> -----Original Message-----> From: Rhodes22-list <rhodes22-list-bounces at rhodes22.org> On Behalf Of> Larry Gioia via Rhodes22-list> Sent: Monday, July 20, 2020 9:21 AM> To: The Rhodes 22 Email List <rhodes22-list at rhodes22.org>> Subject: Re: [Rhodes22-list] Does our website need SSL?>> From our experience with my small company’s website:>> - the reason we use it is clients require it because they enter passwords> and use of SSL encrypts them. Not an issue to the Rhodes site. Another> reason is other sites that link to us prefer it to be an https link - again> probably not an issue to the Rhodes site.> - SSL is free, but a digital SSL certificate is needed from a certificate> authority - the cheapest we found is GoDaddy.com, $64 first year, $80/yr> thereafter.  To avoid the charge you can self-sign your certificate but> website users will get a message saying this site uses a self-signed> certificate- be sure you trust them. Makes people a little nervous.>> I’m no expert on this, it’s just what we found and do - perhaps there are> now new free methods.>> Larry> ‘14 R22 Language of Love> ‘86 R22 <still unnamed!>>> > On Jul 19, 2020, at 11:37 PM, Hank <hnw555 at gmail.com> wrote:> >> > He's right. TLS 1.2 is the current standard and has replaced SSL.> > Folks still use SSL as the general term, though.> >> >> On Sun, Jul 19, 2020, 19:46 Todd Tavares <tavares0947 at gmail.com> wrote:> >>> >> My son is a web dev and said every website should have SSL..and its> free.> >> But he said the latest is TLS(?).> >>> >> Todd T> >>> >> tavares0947 at gmail.com> >>> >>> On Fri, Jul 17, 2020, 5:05 PM Peter Nyberg <peter at sunnybeeches.com>> wrote:> >>>> >>> Tom,> >>>> >>> You’ve mentioned SSL certification several times now, so I suspect> >>> that this is a subject near and dear to your heart.  But I don’t> >>> understand> >> why> >>> you think we should have it.  The website isn’t doing e-commerce or> >>> anything.  Could you elaborate?> >>>> >>> Thanks,> >>>    Peter> >>>> >>>> On Jul 17, 2020, at 10:08 AM, Tom Van Heule <> >>> tom.vanheule at intrinsicprograms.com> wrote:> >>>>> >>>> Jesse - I also understand that nabble data is only partial -> >>>> something> >>> that> >>>> there was nothing previous to 2009 in Nabble... but the entirety is> >> where> >>>> Peter indicated.  I would like to see someone who knows be able to> >> update> >>>> nabble to get ALL the data (or find another way to modernize the UI> >>>> of> >>> all> >>>> the archives). Also Nabble, and for that matter our current site> >>>> have> >> no> >>>> SSL certification.  https://letsencrypt.org/getting-started/  this> >>>> is> >>> free> >>>> and legit - but someone with access needs to go through.> >>>>> >>>> Peter - this looks great, nothing fancy needed, but more complete.> >> Thank> >>>> you.  And thank you for not using wordpress (it's a peeve of mine)> >>>>> >>>> aside- we KNOW there are photos that get lost in the archives -> >>>> perhaps there is a content discovery tool we can run against the> >>>> archives -> >>> really> >>>> most posts with a photo attached are worth indexing?> >>>>> >>>> Happy Friday all -> >>>> Tom> >>>> >>>>> >>>> Tom Van Heule> >>>> Intrinsic Programs> >>>> tom.vanheule at intrinsicprograms.com> >>>> +1 303 525 5266> >>>> >>>> >>>>-- Tom Van HeuleIntrinsic Programstom.vanheule at intrinsicprograms.com+1 303 525 5266